Upgraded pfsense - openVPN service not starting

So I just updated my home firewall to pfsense 2.4.5_p1 from 2.4.5 and now openVPN service won’t start. I had a site to site between home and work running until this update seems to have broken something.

When I try to start it, I see the following in the system --> general logs:

/status_services.php: The command ‘/usr/local/sbin/openvpn --config ‘/var/etc/openvpn/client1.conf’’ returned exit code ‘1’, the output was ‘’

with a failed to start on another line.

when I look at the system --> openVPN logs I get the following:

38276 Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client

I’ve rebooted a few times with no change and thinking I need to build this from the start again and see if different options appear.

Last choice is load the old OS back on it and restore the config.

I looked in the client config drop downs, and I see no where to select TCP-client, the only choices are TCP IPV4, etc., which is what worked before this upgrade.

Thanks! Maybe I’ll just revert back to 2.4.5 since that was working and wait for p2 to come out with the fix included. Have to see what kind of mood I’m in when I get home and decide how much digging I want to put in. I should probably just manually patch it for now, I’m stuck with TCP because my IT department won’t open UDP on the ports I have forwarded from their firewall. So wish I had my own connection, but not in the budget at $2500 per month for three years.

After stumbling around a bit I found the file in /etc/inc and managed to edit openvpn.inc and paste in the code in the fix. Started openVPN and it connected back to the server. Kind of a process for me and ended up installing the sudu package, not sure if I really needed this when I was SSH into the firewall, but sudu su got the job done. I’ll probably disable the sudo package for safety in a day or so after I know it will stay running.

Thanks again for the link to the fix, should have just searched there in the first place.

So I was told that you can use the system patches package to patch this, but going to that package which I had to install to get e2guardian running, I saw nothing that would let me simply copy and paste the patch. Going to need to dig farther.

I simply edited the /etc/inc/openvpn.inc file with vi, used “:set number” to bring up line numbers, scrolled to the correct number and inserted a couple lines of code, save and close vi. Then went to the web interface and started the openvpn service and everything popped back to life.

The code is in a link, in the link that Tom provided, and maybe one more link deep. Either way, it worked and will be fixed the next time pfsense is updated because it has already been commit. There is talk about why one would need TCP because wrapping tcp in another tcp can be an issue, but in my case I can not use UDP because the port will not be opened for me.